Confluence Data Center: CONFSERVER-9040

Authenticator (subclass of DefaultAuthenticator) can be called twice at almost exactly the same time by 2 or more clustered servers

    • Bug
    • Resolution: Not a bug
    • Medium
    • None
    • 2.5.4
    • None
    • Confluence 2.5.4 massive, Java 1.5, Linux

      It would appear that the authenticator could be called twice at almost exactly the same time by 2 or more clustered servers.

      It would seem as if when there are 2 load-balanced Confluence servers with session affinity based on IP that it should not throw an error if you have a single request come in to login and that login involves calling an authenticator to check to see if a user exists and if not then creating it. However, we are getting unique constraint errors when this occurs.

      This has been logged within support issue CSP-10474. Attached code used to replicate the issue. Latest info on that plugin at: https://spaces.internet2.edu/display/SHIB/ShibbolizedConfluence

      It is also noted that this issue could be caused (with that code) because there are two requests on the same server at the same time to create the user. I'm going to contact them about this and implement a workaround to ignore unique constraint exceptions in this code, but we have only seen this occur when we were clustering more than one server, and it has occurred twice in the last week with a very small (<10 user) userbase.


            Matt Ryall added a comment -

            Sorry for not getting back to you sooner on this, Gary. We're just looking at clustering again after a long hiatus, and I stumbled across this old issue.

            I don't see this issue as a bug with Confluence. Your authenticator will need to be able to handle the fact that multiple concurrent authentication requests on different nodes could occur. I struggle to see in what circumstance it would occur for the same user that has never logged in before (it would be much more likely for a user that has a remember-me token and a browser with some data cached), but I still don't see what functionality in Confluence we could change to avoid this problem.

            The database constraint is how we enforce username uniqueness, so we wouldn't be removing this. The code in the authenticator needs to handle this case gracefully.


            Gary Weaver added a comment - attached log with errors

            Gary Weaver added a comment - attached authenticator used to replicate the issue
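
One way a create-on-login step can handle the race discussed in this issue, as an added example that is not code from the issue, the attached plugin or Confluence. `UserStore`, `DuplicateUserException`, `ensureUser` and the username `jdoe` are hypothetical, and an in-memory map stands in for the shared database with its unique username constraint.

```java
import java.util.concurrent.*;

// Added illustration; UserStore, DuplicateUserException and ensureUser are
// hypothetical stand-ins, not Confluence or Seraph APIs.
public class ProvisionOnLogin {
    static class DuplicateUserException extends RuntimeException {
        DuplicateUserException(String name) { super("unique constraint violated: " + name); }
    }

    // Stands in for the shared database that both cluster nodes write to.
    static class UserStore {
        private final ConcurrentMap<String, String> rows = new ConcurrentHashMap<>();
        String find(String username) { return rows.get(username); }
        void insert(String username, String createdBy) {
            // putIfAbsent plays the role of the UNIQUE constraint on the username column.
            if (rows.putIfAbsent(username, createdBy) != null) throw new DuplicateUserException(username);
        }
    }

    // Check-then-create as a login hook would do it, tolerant of losing the race.
    static String ensureUser(UserStore store, String username, String node, CyclicBarrier gate)
            throws Exception {
        String existing = store.find(username);
        if (existing != null) return existing;
        gate.await();                       // constructed: force both nodes past the check first
        try {
            store.insert(username, node);
            return node;
        } catch (DuplicateUserException e) {
            // Another node created the user between our check and our insert.
            // Re-read instead of swallowing blindly: succeed only if the row really exists.
            String winner = store.find(username);
            if (winner == null) throw e;    // some other failure; do not log the user in
            return winner;
        }
    }

    public static void main(String[] args) throws Exception {
        UserStore db = new UserStore();
        CyclicBarrier gate = new CyclicBarrier(2);
        ExecutorService nodes = Executors.newFixedThreadPool(2);
        // Constructed scenario: the same first-time user arrives on two nodes at once.
        Future<String> a = nodes.submit(() -> ensureUser(db, "jdoe", "node-a", gate));
        Future<String> b = nodes.submit(() -> ensureUser(db, "jdoe", "node-b", gate));
        System.out.println("node A resolved user row created by: " + a.get());
        System.out.println("node B resolved user row created by: " + b.get());
        nodes.shutdown();
    }
}
```

Both nodes end up resolving the same single row. The losing node treats the constraint violation as success only after confirming the user now exists, so an unrelated insert failure still aborts the login.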

              matt@atlassian.com Matt Ryall
              6e54f9dce0da Gary Weaver